Near field communication (NFC) transactions processed by a management server

ABSTRACT

A method for transmitting data between a mobile communication device and a server. The method includes running a mobile application on the mobile communication device. The mobile application is hosted on the mobile communication device through the server as a Software as a Service (SaaS). The method further includes transmitting data associated with the mobile application between the mobile communication device and the server, in which transmission of the data between the mobile communication device and the server is monitored through the server.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority to U.S. application Ser. No. 13/620,632, filed Sep. 14, 2012, titled “MOBILE COMMUNICATION DEVICE SECURE NEAR FIELD COMMUNICATION (NFC) PAYMENT TRANSACTIONS WITH AUTHENTICATION”, which is a continuation of and claims priority to U.S. application Ser. No. 11/939,821, filed Nov. 14, 2007, titled “METHOD AND SYSTEM FOR SECURING TRANSACTIONS MADE THROUGH A MOBILE COMMUNICATION DEVICE”, now U.S. Pat. No. 8,290,433, issued on Oct. 16, 2012, all of which are incorporated by reference herein in their entirety.

FIELD OF INVENTION

The present invention relates to data communications and wireless devices.

BACKGROUND OF THE INVENTION

Mobile communication devices—e.g., cellular phones, personal digital assistants, and the like—are increasingly being used to conduct payment transactions as described in U.S. patent application Ser. No. 11/933,351, entitled “Method and System For Scheduling A Banking Transaction Through A Mobile Communication Device”, and U.S. patent application Ser. No. 11/467,441, entitled “Method and Apparatus For Completing A Transaction Using A Wireless Mobile Communication Channel and Another Communication Channel”, both of which are incorporated herein by reference. Such payment transactions can include, for example, purchasing goods and/or services, bill payments, and transferring funds between bank accounts. Given the sensitive nature of personal money or banking data that may be stored on a mobile communication device as a result of the ability to transact payments, it is critical to protect a user from fraudulent usage due to, e.g., loss or theft of a mobile communication device.

BRIEF SUMMARY OF THE INVENTION

In general, in one aspect, this specification describes a method for transmitting data between a mobile communication device and a server. The method includes running a mobile application on the mobile communication device. The mobile application is hosted on the mobile communication device through a management server. The method further includes transmitting data associated with the mobile application between the mobile communication device and the server, in which transmission of the data between the mobile communication device and the management server is monitored through the management server.

Implementations can include one or more of the following features. Transmitting data can include generating a session key that is only valid for a given communication session between the mobile communication device and the server. The method can further include disabling use of the mobile application running on the mobile communication device through the management server by invalidating the session key. The method can further include timing out a given communication session between the mobile communication device and the management server after a pre-determined amount of time to prevent theft of data that is accessible through the mobile application. Transmitting data associated with the mobile application between the mobile communication device and the management server can include prompting a user to enter a payment limit PIN in response to a pending purchase exceeding a pre-determined amount. The payment limit PIN can be applied to all purchases globally or on a per-payment basis. The method can include use of biometrics to authenticate the user before authorizing the transaction. The mobile application can comprise a payment transaction application that permits a user to perform one or more of the following services including bill payment, fund transfers, or purchases through the mobile communication device. The mobile application can permit a user to subscribe to each of the services separately.

The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features and advantages will be apparent from the description and drawings, and from the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates one implementation of a block diagram of a communication system including a wireless mobile communication device.

FIG. 2 illustrates one implementation of the wireless mobile communication device of FIG. 1.

FIG. 3 illustrates one implementation of a method for authenticating a user.

FIG. 4 illustrates one implementation of a method for remotely locking use of a mobile application on a mobile communication device.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 illustrates one implementation of a communication system 100. The communication system 100 includes a hand-held, wireless mobile communication device 102, a point-of-sale device 104 and a remote server 106. In one implementation, the mobile communication device 102 includes a mobile application (discussed in greater detail below) that permits a user of the mobile communication device 102 to conduct payment transactions. Payment transactions can include, for example, using contactless payment technology at a retail merchant point of sale (e.g., through point of sale device 104), using mobile/internet commerce (e.g., purchasing tickets and products, etc.), storage of payment information and other digital artifacts (receipts, tickets, coupons, etc.), storage of banking information (payment account numbers, security codes, PINs, etc.), and accessing banking services (account balance, payment history, bill pay, fund transfer, etc.), and so on.

In one implementation, the mobile application running on the mobile communication device 102 implements one or more of the following tools to secure data that may be stored and presented on the mobile communication device 102 as a result of a payment transaction. The mobile application can be implemented on the mobile communication device 102 through a management server which hosts and operates (either independently or through a third party) the application for use by its customers over the Internet, another wireless network (e.g., a private network), or a wired network. In one implementation, customers do not pay for owning the software itself but rather for using the software. In one implementation, the mobile application is accessible through an API accessible over the Web (or other network). The mobile application can include a multi-factor PIN-based login and authentication, session keys, and command-level authentication. In one implementation, the mobile application running on the mobile communication device 102 can be remotely locked through a remote server (e.g., remote server 106). In one implementation, a PIN request can be implemented to limit the amount of purchases that can be made. Further, security codes for different payment methods can be implemented to protect a user. Each of these tools is discussed in greater detail below.

FIG. 2 illustrates one implementation of the mobile communication device 102. The mobile communication device 102 includes a mobile application 200 that (in one implementation) is provided to the mobile communication device 102 through a remote server (e.g., remote server 106). In one implementation, the mobile application is a Mobile Wallet application available from Mobile Candy Dish, Inc., of Berkeley, Calif. Providing the mobile application as a hosted service enables central monitoring and management of all security aspects of the service at the remote server. In addition, data (corresponding to a payment transaction) can be stored on the remote server (e.g., remote server 106 (FIG. 1)) in a secure manner. In one implementation, the remote server is a management server that can be maintained by Mobile Candy Dish or a trusted third party, as described in U.S. patent application Ser. No. 11/933,351. For example, the data can be securely stored on the remote server using conventional PCI guidelines. Hence, in the event the mobile communication device 102 is lost (or stolen), no confidential data can be recovered, as no data is stored on the mobile communication device 102. In addition, an added benefit is that a user can recover seamlessly by syncing a new mobile communication device (via a new installation of the mobile application) with the service. Thus, in one implementation, sensitive information (e.g., banking account numbers, credit card account numbers, expiry dates, and so on) is never stored on the mobile communication device. This reduces risk and exposure of the user's private information and data.

Client Login and Authentication

In general, while effort is made to minimize storage of sensitive user information and data in a memory of a mobile communication device, in one implementation, some data is stored in the memory of a mobile communication device for reasons of performance, usability and user experience. For example, data may need to be stored on a mobile communication device in the following circumstances. Payment credentials, coupons, tickets, and so on may have to be stored on the secure element of an NFC phone. Account balance, banking payment history, etc., may be locally cached on a mobile communication device. In one implementation, a user can opt in to save payment method security codes in the client (or mobile application) for convenience. Tickets and/or coupons may be locally cached so that a user can redeem the tickets and/or coupons in an offline mode. For example, a mobile communication device may be offline in a situation in which network connectivity inside a building is degraded, and storing a ticket and/or coupon in a local cache of the mobile communication device permits the user to access the ticket or coupon.

In addition to data partitioning, in one implementation, users have an ability to subscribe to different services. For example, User A may subscribe to “Mobile Payments” and “Mobile Banking” services, while User B may only subscribe to “Mobile Banking” and “What's Nearby” services. Hence, in one implementation, the mobile application includes a mechanism to enable/disable different services on the Client based on the particular services to which users are subscribed. Table 1 below illustrates example services that are enabled/disabled based on user subscriptions.

TABLE 1

USER     SERVICE          SUBSCRIPTION STATUS
User A   Money Manager    Disabled
User B   Money Manager    Transaction Only
User C   Money Manager    Transaction, Payment
User D   Money Manager    Transaction, Payment, BillPay, FundTransfer

The above example controls access to the Money Manager service and what privileges within the service a given user can perform. This will be used by the Client (mobile application) to enable/disable available features on the Client.

In one implementation, when a user subscribes to a mobile wallet the user is assigned credentials that include a unique WalletID, SiteKey, a user-defined PIN, as well as tokens that specify access and privileges for the different services. FIG. 3 illustrates one implementation of a method 300 for authenticating a user. User input is received (through a mobile communication device) logging into the mobile application service (step 302). In one implementation, when a user attempts to login with the client, the user is prompted to enter login credentials (e.g., mobile phone number, 1-time activation code, Wallet PIN, etc.). A session key is generated (step 304). In one implementation, the session key is a unique server-generated session key that is valid only for the duration of a given session. In one implementation, the session key is used to ensure the server can identify the client and ensure that the client has been previously authenticated. Upon a successful login, the server will transfer credentials, service access and privileges (step 306), which are locally cached on the mobile communication device. The service access and privileges control the behavior of the client. In one implementation, to prevent command spoofing, the session key is passed in every API server call. The server will validate (every time) that the session key is valid. If valid, the API server call is processed. Failure to validate the session key will cause a failure. In such a case, the client will flush the cached PIN and force the user to re-authenticate (or re-login).

Remote Lock

In one implementation, a mobile application running on a mobile communication device can be remotely locked (or disabled) by invalidating a session key. Users, via calling Customer Care, a personal web portal, or some other mechanism, can implement changes (e.g., change PIN, etc.) that cause the server to invalidate the session key. In real time, on the next attempt by the client to issue an API server call, validation of the session key will fail, which (in one implementation) causes the client to automatically flush the cached PIN and session key, and force the user to re-authenticate. In addition, the client can perform further actions beyond flushing the cached PIN and session key. These include, but are not limited to, one or more of the following: changing the secure element mode to effectively temporarily or permanently disable the secure element—i.e., a user can remotely alter the state of the smart chip to lock it remotely; and deleting all cached data stored in the memory (or disk) of the mobile communication device.

Session Time Out

In one implementation, while a client is open, a user has access to transaction data. In such an implementation, users who misplace a mobile communication device while the client is open may be exposed to risk of information theft. Therefore, in one implementation, the mobile application (or client) shuts down after a period of inactivity. Additional tasks that can be associated with the shutdown procedure include, but are not limited to, temporarily shutting down a secure element (of the mobile communication device) to prevent NFC payments, NFC coupon redemption, and NFC ticket redemption.
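The login, remote lock and session timeout mechanisms of the three sections above, modelled as an added Python example (not code from the patent or from Mobile Candy Dish); the wallet id, PIN, privilege names and the 300-second idle timeout are constructed assumptions:

```python
# Added example (not the patent's own code): a model of the session-key mechanism.
# The management server issues a random key at login, checks it on every API call,
# and can invalidate it (remote lock) or let it lapse after inactivity; the client
# flushes its cached PIN and key when validation fails. Names are assumptions.
import hmac
import secrets

IDLE_TIMEOUT = 300  # seconds of inactivity before a session lapses (assumed value)


class ManagementServer:
    def __init__(self):
        # Constructed demo credentials: wallet id -> (PIN, Money Manager privileges)
        self.users = {"wallet-A": ("1234", frozenset({"Transaction", "Payment"}))}
        self.sessions = {}  # session key -> {"wallet_id", "last_seen", "privileges"}

    def login(self, wallet_id, pin, now):
        """Steps 302/304: authenticate and issue a server-generated session key."""
        record = self.users.get(wallet_id)
        if record is None or not hmac.compare_digest(record[0], pin):
            return None
        key = secrets.token_urlsafe(32)  # unique and unguessable per session
        self.sessions[key] = {"wallet_id": wallet_id, "last_seen": now,
                              "privileges": record[1]}
        return key, record[1]  # step 306: credentials and privileges to the client

    def api_call(self, key, command, now):
        """Every API call carries the session key, which is validated every time."""
        session = self.sessions.get(key)
        if session is None or now - session["last_seen"] > IDLE_TIMEOUT:
            self.sessions.pop(key, None)  # unknown or lapsed key: reject and drop
            return {"ok": False, "error": "invalid session"}
        if command not in session["privileges"]:
            return {"ok": False, "error": "privilege not subscribed"}
        session["last_seen"] = now
        return {"ok": True, "command": command}

    def remote_lock(self, wallet_id):
        """Remote Lock: invalidate every session key issued to the wallet."""
        for key in [k for k, s in self.sessions.items() if s["wallet_id"] == wallet_id]:
            del self.sessions[key]


class Client:
    def __init__(self, server):
        self.server = server
        self.cached_pin = None
        self.session_key = None
        self.privileges = frozenset()

    def login(self, wallet_id, pin, now):
        result = self.server.login(wallet_id, pin, now)
        if result is None:
            return False
        self.session_key, self.privileges = result
        self.cached_pin = pin  # opt-in convenience cache, flushed on any failure
        return True

    def call(self, command, now):
        result = self.server.api_call(self.session_key, command, now)
        if not result["ok"] and result["error"] == "invalid session":
            # Failed validation: flush cached PIN and key, force re-authentication
            self.cached_pin = None
            self.session_key = None
            self.privileges = frozenset()
        return result
```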

Payment Limit PIN

For payments (mobile commerce ticket purchase, etc.), in one implementation a user can prevent either fraudulent purchases or accidental purchases by forcing a PIN prompt when a purchase amount exceeds a user-specified value. In one implementation, a user can control this behavior globally (e.g., across all of the user's payment methods) or on a per-payment-method basis. Thus, when a user purchases a ticket and selects a payment method (to pay for the purchase), if the transaction amount exceeds the specified payment method's limit, the client will trigger and prompt for the PIN. In order to proceed with the purchase, the user has to enter the correct PIN. The user's input is validated against the cached PIN on the client. The payment transaction will proceed if validated. Otherwise, an appropriate response is generated to the user. Effectively, this is a mechanism for the user (not the Merchant or Issuing Bank) to throttle/control the dollar amount that can be authorized for various payments and transactions. In the event of a contactless purchase, the client controls the smart chip. In the event of an electronic purchase (ticketing, etc.), a server manages the controls.
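The Payment Limit PIN check described above, as an added client-side example (not the patent's own code); the payment method names, limits and PIN are constructed assumptions, and treating a per-method limit as overriding the global one is an assumed reading of the per-payment-method option:

```python
# Added example (not the patent's own code): the Payment Limit PIN check. A limit may
# be set globally or per payment method; a purchase above the applicable limit
# requires the wallet PIN, validated against the PIN cached on the client.
import hmac


class PaymentLimitPolicy:
    def __init__(self, cached_pin, global_limit=None, per_method_limits=None):
        self.cached_pin = cached_pin                      # cached at login, None if flushed
        self.global_limit = global_limit                  # applies to every payment method
        self.per_method_limits = per_method_limits or {}  # assumed to override the global limit

    def limit_for(self, method):
        """Per-method limit wins over the global one; None means no limit is set."""
        return self.per_method_limits.get(method, self.global_limit)

    def pin_required(self, method, amount):
        limit = self.limit_for(method)
        return limit is not None and amount > limit

    def authorize(self, method, amount, entered_pin=None):
        """Return (proceed, reason). The PIN is demanded only above the limit."""
        if not self.pin_required(method, amount):
            return True, "below limit"
        if self.cached_pin is None:
            # Cache was flushed (e.g. after a remote lock): user must log in again
            return False, "re-authentication required"
        if entered_pin is None:
            return False, "pin prompt"  # client shows the PIN dialog
        if not hmac.compare_digest(self.cached_pin, entered_pin):
            return False, "pin rejected"
        return True, "pin validated"
```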

Local Storage of Payment Security Codes

As a convenience to users, a user can opt in and have only the security codes (CVV, etc.) associated with each of their payment methods locally stored on the client. In one implementation, management tools are provided to add/delete/edit these security codes. In one implementation, the security codes are encrypted (key management of the encryption key is performed by a server) and then stored only in the client on the mobile communication device. In one implementation, security codes are not stored in any form on the server. The encryption key and security codes can be kept separately to prevent fraudulent usage.

Although the present invention has been particularly described with reference to implementations discussed above, various changes, modifications and substitutes can be made. Accordingly, it will be appreciated that in numerous instances some features of the invention can be employed without a corresponding use of other features. Further, variations can be made in the number and arrangement of components illustrated in the figures discussed above.

What is claimed is:
 1. A method for conducting a near field communication (NFC) transaction using an NFC protocol, the method comprising: receiving at a wireless transceiver at a management server an identification code from an NFC terminal configured to use the NFC protocol, the NFC terminal including a terminal processor that receives the identification code from a secure element coupled to a mobile device, wherein a secure element processor initiates execution of an NFC application maintained in secure element memory using the NFC protocol and in response to an NFC inductive signal from the NFC terminal, wherein the NFC application is configured to use the NFC protocol, the mobile device including a mobile device display, a mobile device memory, a mobile device processor, and a mobile device transceiver; receiving at a management server processor, a transaction verification from a transaction server which processes the NFC transaction using a payment method corresponding to the identification code transferred from the secure element memory through the NFC terminal to the management server, wherein the identification code is wirelessly transferred using the NFC application and a secure element communication transceiver supporting a first communication channel comprising the NFC protocol in response to the NFC inductive signal from the NFC terminal, wherein the transaction verification indicates that the NFC transaction has processed.
 2. The method of claim 1, wherein the payment method is a default payment method.
 3. The method of claim 1, wherein the payment method is a user selected payment method.
 4. The method of claim 1, further comprising applying a coupon during the near field communication transaction.
 5. The method of claim 1, further wherein a digital artifact is delivered from the management server to the mobile device.
 6. The method of claim 5, wherein the digital artifact comprises an advertisement, receipt, ticket, coupon, media, metadata and/or content.
 7. The method of claim 5, wherein the digital artifact includes metadata operable to trigger a secondary call-to-action.
 8. The method of claim 1, further wherein a digital artifact is received through the secure element communication transceiver at the secure element after purchase from the NFC terminal.
 9. The method of claim 1, further wherein data stored on the mobile device is encrypted using a mobile operating system native to the mobile device.
 10. A management server for conducting a near field communication (NFC) transaction, using an NFC protocol, the management server comprising: a management server wireless transceiver that receives an identification code data from an NFC terminal configured to use the NFC protocol, the NFC terminal including a terminal processor that receives the identification code from a secure element coupled to a mobile device, wherein a secure element processor initiates execution of an NFC application using the NFC protocol and maintained in secure element memory in response to an NFC inductive signal from the NFC terminal, wherein the NFC application is configured to use the NFC protocol, the mobile device including a mobile device display, a mobile device memory, a mobile device processor, and a mobile device transceiver; a management server processor that receives a transaction verification from a transaction server which processes the NFC transaction using a payment method corresponding to the identification code transferred from the secure element memory through the NFC terminal to the management server, wherein the identification code is wirelessly transferred to the NFC terminal using the NFC application and a secure element communication transceiver supporting a first communication channel comprising the NFC protocol in response to the NFC inductive signal from the NFC terminal, wherein the transaction verification indicates that the NFC transaction has processed.
 11. The management server of claim 10, wherein the payment method is a default payment method.
 12. The management server of claim 10, wherein the payment method is a user selected payment method.
 13. The management server of claim 10, further comprising applying a coupon during the near field communication transaction.
 14. The management server of claim 10, further wherein a digital artifact is delivered from the management server to the mobile device.
 15. The management server of claim 14, wherein the digital artifact comprises an advertisement, receipt, ticket, coupon, media, metadata and/or content.
 16. The management server of claim 14, wherein the digital artifact includes metadata operable to trigger a secondary call-to-action.
 17. The management server of claim 10, further wherein a digital artifact is received through the secure element communication transceiver at the secure element after purchase from the NFC terminal.
 18. The management server of claim 10, further wherein data stored on the mobile device is encrypted using a mobile operating system native to the mobile device.
 19. A computer readable medium for conducting a near field communication (NFC) transaction using an NFC protocol comprising: computer code for receiving at a wireless transceiver at a management server an identification code from an NFC terminal configured to use the NFC protocol, the NFC terminal including a terminal processor that receives the identification code from a secure element coupled to a mobile device, wherein a secure element processor initiates execution of an NFC application maintained in secure element memory using the NFC protocol and in response to an NFC inductive signal from the NFC terminal, wherein the NFC application is configured to use the NFC protocol, the mobile device including a mobile device display, a mobile device memory, a mobile device processor, and a mobile device transceiver; computer code for receiving at a management server processor, a transaction verification from a transaction server which processes the NFC transaction using a payment method corresponding to the identification code transferred from the secure element memory through the NFC terminal to the management server, wherein the identification code is wirelessly transferred using the NFC application and a secure element communication transceiver supporting a first communication channel comprising the NFC protocol in response to the NFC inductive signal from the NFC terminal, wherein the transaction verification indicates that the NFC transaction has processed.